Debian Patches

Status for chkrootkit/0.58b-5

Patch Description Author Forwarded Bugs Origin Last update
chkrootkit-chk_fingerd.patch chkrootkit: chk_fingerd
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_inetdconf.patch chkrootkit: chk_inetdconf
Remove unnecessary uses of cat and grep
Fix support for -r/x

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-27
chkrootkit-chk_telnetd.patch chkrootkit: chk_telnetd
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-printn.patch chkrootkit-printn
Modify chkrootkit's printn to use printf if available.

This improves readability of the output (if no -q given) by right-aligning
the "nothing found" results.

A previous comment noted that upstream was not interested in this patch as
printf is not portable. However, this patch should work even if printf is
not present.

(Forwarded by email: 21 Dec 2024)
Jari Aalto <jari.aalto@cante.net> invalid debian 2005-12-14
chkrootkit-Debian-cd.patch chkrootkit-Debian-cd
chkrootkit: cd /usr/lib/chkrootkit.
Debian-specific change to cd to /usr/lib/chkrootkit

Upstream chkrootkit is designed to be run from its build directory, so calls all its executables with a "./" prefix.
On Debian, executables are placed in /usr/lib/chkrootkit.

This patch is from 2017 or earlier.
Last-Updated: 2021-10-10
Unknown Author <team+pkg-security@tracker.debian.org> not-needed 2017-07-09
11_logpath.patch Debian-specific: Read logs from /var/log instead of /var/adm
Unclear if this should be upstreamed, some of these paths may be Debian-specific
Dates from 2017 or earlier.
Affects various files

(Forwarded by email: 21 Dec 2024)
Giuseppe Iuculano <giuseppe@iuculano.it> invalid 2017-07-09
01_nostrip.patch Makefile: Debian-specific: Remove explicit use of 'strip' from the upstream Makefile

debhelper will automatically strip everything when we build the package.
This is a Debian-specific modification - upstream unlikely to want this.

(Forwarded by email: 21 Dec 2024)
Francois Marier <francois@debian.org> invalid debian 2021-10-10
Makefile-flags.patch Makefile
1) Honor preprocessor and linker flags added at compile time by debhelper.
Thanks to Lukas Schwaighofer for suggesting some improvements.
Dates from 2017 or earlier
Author: Marcos Fouces <marcos@debian.org>
Date: Sun Jul 9 18:42:55 2017 +0200

2) Makefile: allow STATIC to be disabled - needed on termux
compiling within termux fails with '-static', and strings-static
compiles without it, so allow users to override STATIC
when building

Author: richard.lewis.debian@googlemail.com (Nov 2024)

(Forwarded by email: 21 Dec 2024)
Marcos Fouces <marcos@debian.org> invalid 2017-07-09
chkdirs.patch chkdirs: Simplify, fix compiler issues, spelling mistake, and return value

1. fix return logic
Author: Christian Göttsche <cgzones@googlemail.com>
Date: Fri Jul 24 17:55:36 2020 +0200

If called with multiple arguments, fail if any directory fails,
not only the last one.

2. fix spelling error in error message
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Fri Oct 15 22:55:03 2021 +0100
Forwarded: yes - (forwarded by email, 12 mar 2023)

Replaces 'WARNIING' with 'WARNING' and removes trailing whitespace

3. Various compilation issues
Author: Christian Göttsche <cgzones@googlemail.com>
Date: Fri Jul 24 17:55:36 2020 +0200
Last-Updated: 2021-10-10
Forwarded: https://lists.debian.org/debian-security-tools/2021/10/msg00006.html

a) chkdirs.c: In function ‘make_pathname’:
chkdirs.c:73:38: error: comparison of integer expressions of different signedness: ‘long unsigned int’ and ‘int’ [-Werror=sign-compare]
73 | if (!(*buffer) || (sizeof(*buffer) < pathname_len)) {
| ^

chkdirs.c:182:7: warning: Potential leak of memory pointed to by 'dl'
fprintf(stderr, "lstat(%s/%s): %s\n",
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/x86_64-linux-gnu/bits/stdio2.h:113:3: note: expanded from macro 'fprintf'
__fprintf_chk (stream, __USE_FORTIFY_LEVEL - 1, __VA_ARGS__)
^~~~~~~~~~~~~

b) chkdirs.c: In function ‘usage’:
chkdirs.c:56:6: error: function might be candidate for attribute ‘noreturn’ [-Werror=suggest-attribute=noreturn]
56 | void usage ()
| ^~~~~

c) chkdirs: use strdup to avoid stringop-overflow warning
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: ‘__builtin_strncpy’ specified bound depends on the length of the source argument [-Werror=stringop-overflow=]
106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
chkdirs.c: In function ‘check_dir’:
chkdirs.c:111:25: note: length computed here
111 | if (!path || !(plen = strlen(path))) {
| ^~~~~~~~~~~~

d) chkdirs: fix dead code - Found by Cppcheck
In line 72 buffer is forced to be non-NULL, because it got dereferenced in line 71.

chkdirs.c:71:10: warning: Either the condition 'if(buffer)' is redundant or there is possible null pointer dereference: buffer. [nullPointerRedundantCheck]
if (!(*buffer) || (sizeof(*buffer) < pathname_len)) {
^
chkdirs.c:72:8: note: Assuming that condition 'if(buffer)' is not redundant
if (buffer) free((void *)*buffer);
^
chkdirs.c:71:10: note: Null pointer dereference
if (!(*buffer) || (sizeof(*buffer) < pathname_len)) {
^

e) chkdirs: fix memory leak - Found by Cppcheck
chkdirs.c:126:2: error: Memory leak: curpath [memleak]
return(-1);
^
5. chkdirs: simplify
Author: richard.lewis.debian@googlemail.com
i) Remove use of linked lists and malloc: previous implementation
creates a linked list of things to check, and then immediately
checks recursively and frees the list: Just check recursively,
and rather than mallocing a buffer, just reuse a single
buffer.
ii) Ensure NAME_MAX is always defined.
iii) Improve error message if we find an unsupported file system,
(it's not just BTRFS but also OVERLAYFS that)

(Forwarded by email: 21 Dec 2024)
Christian Göttsche <cgzones@googlemail.com> invalid 2020-07-24
chklastlog.patch chklastlog
1. Make chklastlog support -q
Author: lantz moore <lmoore@debian.org>
Date: Thu Oct 3 01:02:10 2002 -0400

This makes chklastlog support -q, to suppress output.

(A later patch to chkrootkit will pass -q through so that even more
output is hidden if -q is passed to chkrootkit).

2. Fix compilation warnings
a) chklastlog: remove unused variable (pwdent never used)
while ((pwdent = getpwent())) {
^ ~~~~~~~~~~

b) chklastlog: remove unused and shadowing variable
chklastlog.c: In function ‘main’:
chklastlog.c:109:10: error: declaration of ‘uid’ shadows a global declaration [-Werror=shadow]
109 | uid_t *uid;
| ^~~
chklastlog.c:79:8: note: shadowed declaration is here
79 | uid_t *uid;
| ^~~

chklastlog.c: In function ‘getslot’:
chklastlog.c:295:48: error: declaration of ‘uid’ shadows a global declaration [-Werror=shadow]
295 | int getslot(struct s_localpwd *localpwd, uid_t uid)
| ~~~~~~^~~
chklastlog.c:79:8: note: shadowed declaration is here
79 | uid_t *uid;
| ^~~

c) chklastlog: resolve signed comparison
This replaces an earlier patch by: Giuseppe Iuculano <giuseppe@iuculano.it>
Date: Sun Jul 9 18:42:55 2017 +0200

chklastlog.c: In function ‘main’:
chklastlog.c:169:33: error: comparison of integer expressions of different signedness: ‘long int’ and ‘long unsigned int’ [-Werror=sign-compare]
169 | if (wtmp_bytes_read < sizeof(struct utmp))
| ^
chklastlog.c:189:45: error: comparison of integer expressions of different signedness: ‘long int’ and ‘long unsigned int’ [-Werror=sign-compare]
189 | if (wtmp_bytes_read < sizeof(struct lastlog))
| ^

d) chklastlog.c | 4 ++--
chklastlog: silence array-bounds warning

In file included from /usr/include/string.h:495,
from chklastlog.c:45:
In function ‘memcpy’,
inlined from ‘main’ at chklastlog.c:114:9:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: ‘__builtin_memcpy’ forming offset [14, 126] is out of the bounds [0, 14] [-Werror=array-bounds]
34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In function ‘memcpy’,
inlined from ‘main’ at chklastlog.c:115:9:
/usr/include/x86_64-linux-gnu/bits/string_fortified.h:34:10: error: ‘__builtin_memcpy’ forming offset [17, 126] is out of the bounds [0, 17] [-Werror=array-bounds]
34 | return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

e) chklastlog: fix out of bounds access - Found by Cppcheck

We dereference userid at *uid, so *uid must be strictly smaller than userid's size.

chklastlog.c:184:14: warning: Either the condition '*uid>99999' is redundant or the array 'userid[99999]' is accessed at index 99999, which is out of bounds. [arrayIndexOutOfBoundsCond]
if (!userid[*uid])
^
chklastlog.c:178:26: note: Assuming that condition '*uid>99999' is not redundant
if (*uid > MAX_ID)
^
chklastlog.c:184:14: note: Array index out of bounds
if (!userid[*uid])
^

2. (Author: richard.lewis.debian@googlemail.com) Fix compilation on Android:
Android does not use lastlog, but compilation was
failing as there is no getpwent: make chklastlog do
nothing on android, and add an error message so we do not silently do nothing.
Also fix indentation.

(Forwarded by email: 21 Dec 2024)
lantz moore <lmoore@debian.org> invalid debian 2002-10-03
chkproc.patch chkproc
1. Fix race condition where processes that start/exit between checking
/proc and ps(1) output are flagged as hidden. This was first written
by Adrian Bridgett <adrian@smop.co.uk> in Fri, 24 Jul 2020 14:59:35
+0200. (Except for a single-line change to set pv to 3, which was from
Giuseppe Iuculano <giuseppe@iuculano.it> Date: Sun, 9 Jul 2017
18:42:55 +0200 -- this is kept, as it seems a suitable default for all
platforms, but in fact chkrootkit explicitly sets pv anyway)

2. Comment out code that sends signals to individual processes. This
is very risky as it is most likely to result in non-rootkits being
killed or resuming. It does slightly reduce functionality -- ideally
such a feature would be done in a separate process to keep
chkproc. This was contributed by Francois Marier <francois@debian.org>
with a date: Mon, 21 Apr 2008 11:17:03 +0000. (This is merged into
this patch to make it easier to maintain).

3. Fix various compilation errors and warnings. These were originally contributed
by Christian Göttsche <cgzones@googlemail.com>
Mainly:
a) ignore return value from fgets in readline
b) use size_t not int in readline, dodgy_process
c) use ssize_t in dodgy_process
d) declare ps_cmds and commands that use it as 'const'
(This is merged into this patch to make it easier to maintain).

4. various fixes (Author: richard.lewis.debian@googlemail.com)
a) Support NetBSD
PID 0 is allowed (although 1 is still init)
netbsd's ps(1) is incompatible with
the other ps commands.
It does support getpriority(2) (As does FreeBSD?) so enable that check.
The contents of /proc/pid are similar to linux (except for hidden thread ids)
so reuse that code.

b) Also works on __android (termux)
Android is linux, but many things are not accessible.

c) Simplify and correct checking for linux threads
We do not need a separate isathread variable, just set psproc and dirproc to 1
for numeric tids (TIDs are always numeric)

d) Allow -p on any OS
chkrootkit is actually passing -p already, but chkproc only allowed it on linux
keep the checks for "numeric tids have hidden dirs in /proc" linux-specific
This allows you to, eg, use gnu's ps on OpenBSD, or to test parsing

e) replace tabs with spaces

f) New (deliberately undocumented) args to allow using custom commands for ps
(use -p to choose how to parse output!) or to use a different dir as /proc
and to disable the use of getpriority(2). This allows for testing of the logic

g) Ensure a valid return value
exit codes should be 0...255 not an arbitrary int: so just return 0 or 1

h) Include fcntl.h -- needed on some systems

i) Better output
When outputting details of processes, include the contents,
without trailing whitespace, of
/proc/pid/cmdline
/proc/pid/comm (linux only)
/proc/pid/cgroup (linux only)
(Introduce a new function showfile to do this)
Refactor code to show a symlink target into a function to avoid duplication.
readdir is section 3 not 2
Last-Updated: 2024-12-15

(Forwarded by email: 21 Dec 2024)
Adrian Bridgett <adrian@smop.co.uk> invalid 2020-07-24
chkutmp.patch chkutmp

Various, minor, patches to improve chkutmp.

0) Improve output -- the message needs 'was' not 'were' because "The tty" is singular
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat, 16 Oct 2021 23:51:50 +0100

1a) Improve parser
- Use larger arrays for ps_tty, ps_user, ps_args to avoid overflow
- Use 'ps axk' (not really necessary)
- replace newlines with \0 on parsing
From: "Aaron M. Ucko" <team+pkg-security@tracker.debian.org>
Date: Sun, 9 Jul 2017 18:42:55 +0200

1b) From an unknown author, in Debian since 2017 or earlier
- when grabbing pid, limit size to UT_PIDSIZE not UT_LINESIZE
(avoid possible overflow in pid)

2) avoid various compilation warnings
These were contributed by Christian Göttsche <cgzones@googlemail.com>
on Date: Fri, 24 Jul 2020 16:28:53 +0200
a) declare cmd as 'const'
b) make signature of main be void, since argc and argv are unused
c) remove unused variable

3) Improve output -- the message needs 'was' not 'were' because "The tty" is singular
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat, 16 Oct 2021 23:51:50 +0100

4) chkutmp: do not silently do nothing on unsupported platforms
Author: Richard Lewis <richard.lewis.debian@googlemail.com>, Nov 2024

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2021-10-16
chkwtmp.patch chkwtmp
Minor fixes to avoid compiler warnings and overflows.

a) use strncpy not memcopy when setting wtmpfile
From: Christian Göttsche <cgzones@googlemail.com>
Date: Fri, 24 Jul 2020 16:01:15 +0200
b) include stdlib.h
From: Giuseppe Iuculano <giuseppe@iuculano.it>
Date: Sun, 9 Jul 2017 18:42:55 +0200

Items c-g from richard.lewis.debian@googlemail.com, Nov 2024
c) chkwtmp: fix compilation errors and indentation: declare args
of printit(), fix indentation (tabs) and remove trailing whitespace

d) Fix arg parsing and encoding
- arg passing code should not assume the file is 127 bytes long.
This could actually read bits of envp into wtmpfile.
- Fix accents in comment to be valid utf8

e) Ensure return code is not too large - should be 0..255, not an arbitrary int.

f) Remove duplicate #ifdefs

g) Do not silently do nothing on an unsupported platform

(Forwarded by email: 21 Dec 2024)
Christian Göttsche <cgzones@googlemail.com> invalid 2020-07-24
check_wtmpx-do-not-silently-do-nothing-on-unsupported-pla.patch check_wtmpx: do not silently do nothing on unsupported platforms
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-09-16
ifpromisc.patch ifpromisc
Improvements for ifpromisc:

1. Better output
* if a 'packet sniffer' is detected, its pid is output as well as the name
(has_packet_socket returns a struct packet_info or NULL to enable this
include dirent.h and sys/stat.h, make packet_info->inode be an ino_t and add a pid
in read_proc_net_packet, make inode be a long not an int,
in walk_process: do not call perror if we get ENOENT, and save the pid)
* instead of PF_PACKET the output is "PACKET_SNIFFER"
Author: lantz moore <lmoore@debian.org>
Date: Sun Nov 27 01:47:06 2005 -0800

2. Better return value (and reindent)
* Add global variable retval, starting at 0: it is set to 2 on
error, 1 if a sniffer is found (and so 0 is no sniffers)
* Also reindent
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Jun 8 20:24:30 2024 +0100

3. Minor compilation fixes
a) Include stdint.h (Provided by an unknown contributor, Sun Jul 9 18:42:55 2017 +0200)

Other fixes from Christian Göttsche <cgzones@googlemail.com>, Fri Jul 24 15:30:57 2020 +0200:
b) Always null-terminate interface names (in if_fetch, copy sizeof(ife->name) - 1 bytes and add a \0)
c) Hide warning about not checking the result of fgets, check result of readlink (in walk_process)
d) declare strings Release and Version as 'const'

(Forwarded by email: 21 Dec 2024)
lantz moore <lmoore@debian.org> invalid 2005-11-27
strings.patch strings-static
Fix compiler warnings in strings.c:
a) printmeindex should be of type size_t not int
b) do not set printmeindex to zero when printing last string

(Forwarded by email: 21 Dec 2024)
Christian Göttsche <cgzones@googlemail.com> invalid 2020-07-24
check_if_debian.patch check_if_debian
New helper to check whether reported files are from Debian packages,
using dpkg-query. This is safe to use on non-Debian systems (it will do
nothing unless dpkg-query is found)

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-08-14
check_php.patch check_php
Add a helper to check whether files are php scripts, this is needed
for the check of files in /tmp -- that test uses 'find', but we can't
safely run a shell pipeline on the results unless we use a helper,
given that files in /tmp are likely to have unusual characters in
their names

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid debian 2024-06-29
README.patch README
Update README to mention -e and attitude to false positives

(Forwarded by email: 21 Dec 2024)
"francois@debian.org" <francois@debian.org> invalid 2017-07-09
chkrootkit-top-level.patch chkrootkit: top-level
Improvements for chkrootkit: top-level only:
a) Reindent, remove trailing spaces, use $(...) not `...`, quote variables, ensure global variables like $QUIET are defined
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Feb 18 20:13:12 2023 +0000 and subsequently

b) Define egrep using ${grep}
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat Feb 18 20:30:05 2023 +0000

c) Simplify loc()
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sun, 7 Jul 2024 18:17:18 +0100

d) getCMD - do not look at running processes if -r is given
Author: Richard Lewis <richard.lewis.debian@googlemail.com>

e) Simplify exclude_fstype()
Originally from: Francois Marier <francois@debian.org>
Date: Sun, 9 Jul 2017 18:42:55 +0200
Rewritten by: Richard Lewis <richard.lewis.debian@googlemail.com>

f) Add option -e, to exclude files from results
Author: francois@debian.org <francois@debian.org>, Roger Leigh <rleigh@debian.org>
Date: Sun Jul 9 18:42:55 2017 +0200
(From: richard.lewis.debian@googlemail.com:
Also use the $findargs variable to make -e apply to tests that use $find.
By using set -f, we can allow globbing in the argument to -e)


g) Add option -s, to exclude results from ifpromisc results
Author: Stefano Torricella <stetor@y2k.it>
Date: Thu May 6 12:34:31 2010 +0200

h) If -q is given, prepare to pass -q to helpers
Author: lantz moore <lmoore@debian.org>
Date: Thu Oct 3 01:02:10 2002 -0400

i) Improve -h output
Author: Marcos Fouces <marcos@debian.org>
Date: Mon Apr 13 10:59:08 2020 +0000
Bug-Debian: https://bugs.debian.org/586897

j) add xargs to $cmdlist - we will use it in future
Author: Richard Lewis <richard.lewis.debian@googlemail.com>

k) define $path_for_tools so that external helpers can use the same path set with -p
Author: Richard Lewis <richard.lewis.debian@googlemail.com>

l) fix relative dirs in PATH
when setting $newpth, need a / after ROOTDIR in the 'else' branch to support
relative dirs in $PATH (eg: .)
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Mon Jul 8 00:14:02 2024 +0100

m) use check_if_debian
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed Aug 14 18:24:14 2024 +0100

n) define _filter __filter, find_and_check etc
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Mon Aug 26 17:02:57 2024 +0100

NB that Move checking of $EXCLUDE inside _filter, so that every
test now makes use of the excludes passed with -e

This means that the debian-specific part moves to __filter()
(which is a no-op on non-debian or if using -r)

(There is a slight incompatibility in that if you use -r, you
should now include the ROOTDIR in the argument to -e, and you
should include a leading /)

NB: we use a 'case' rather than 'if' so that '-e /usr/*' works:
'$EXCLUDE' will contain '/usr/*' and we need to prevent this from
expanding too soon. So we use 'set -f' before the case statement
(which is POSIX-compliant): this ensures that $exclude is set to
'/usr/*' rather than having one exclude for every top-level
directory under /usr. But then inside the case statement, we do
want the "*" to be a pattern, so $exclude should be unquoted.


o) improve chk_netstat_or_ss
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Tue Feb 21 18:36:54 2023 +0000
- prefer ss to netstat (if it is installed)
- ensure $netstat can be influenced by -p like the other commands

p) do not hard-code return values from chk_* functions
Author: Richard Lewis <richard.lewis.debian@googlemail.com>

q) allow running as non-root -- give a warning, but no need to exit as
most tests can work
Author: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Wed Sep 4 10:22:32 2024 +0100

r) exit 0 at the end
Author: Arjan Opmeer, Giuseppe Iuculano <giuseppe@iuculano.it>
Date: Tue Aug 11 12:48:02 2009 +0000

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-20
chkrootkit-w55808.patch chkrootkit: w55808
Improve output

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-27
chkrootkit-OSX_RSPLUG.patch chkrootkit: OSX_RSPLUG
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-15
chkrootkit-slapper.patch chkrootkit: slapper
Use OPT="-an" with ss and netstat

Redirect stderr to /dev/null on every command in a pipeline, not just
the last one (this is helpful for non-root users on eg android, where
netstat is not accessible)

Improve output

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-16
chkrootkit-scalper.patch chkrootkit: scalper
Add exception for ser2net in scalper()

(Forwarded by email: 21 Dec 2024)
Lorenzo 'Palinuro' Faletra <palinuro@parrotsec.org> invalid 2018-04-19
chkrootkit-asp.patch chkrootkit: asp
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-16
chkrootkit-sniffer.patch chkrootkit: sniffer
filter ifpromisc output (using -s option)

Other minor cleanups from Richard Lewis <richard.lewis.debian@googlemail.com>
Do not issue a 'WARNING' if sniffer/ifpromisc finds nothing
Date: Sat, 8 Jun 2024 20:26:05 +0100

(Forwarded by email: 21 Dec 2024)
Stefano Torricella <stetor@y2k.it> invalid 2010-05-06
chkrootkit-chkutmp.patch chkrootkit: chkutmp
Debian has moved to a 64-bit version of time_t which means
/var/run/utmp no longer exists.

This patch skips the chkutmp() check if there is no file to check
(only on Linux)

Also better messages if things are skipped - distinguish between
skipping because -r is given and not being able to find the helper

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-27
chkrootkit-z2.patch chkrootkit: z2
Improve z2 test. Skip chkproc if -r is given, since it checks /proc and running processes

Ensure chklastlog can work with -r: Do not add a second copy of ROOTDIR to $WTMP and $LASTLOG

Includes contributions from:
Author: lantz moore <lmoore@debian.org>
Date: Thu Oct 3 01:02:10 2002 -0400

Pass -q to chklastlog (and other cleanups)
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=142422
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=190978
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=229869
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=306263
Forwarded: https://lists.debian.org/debian-security-tools/2021/10/msg00006.html

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-16
chkrootkit-wted.patch chkrootkit: wted
skip if no wtmp files -- on recent Linux, these will not exist because
wtmp was rewritten incompatibly to make time_t 64-bit: skip this test
in such a circumstance.

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-09-08
chkrootkit-bindshell.patch chkrootkit: bindshell
make $PORT space separated - avoids need for sed
Avoid calling grep twice

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-27
chkrootkit-lkm.patch chkrootkit: lkm
chkutmp and chkproc call 'ps', and per the comments in chkutmp this assumes
that this is safe. This patch adds the directory passed by -p to PATH before calling those tools
so that a known good ps can be used if it is available.

To support -p commands in $cmdlist are meant to be called only as
$cmd, but there were several places where this was not done: so replace cut with $cut, etc

Move test for existence of chkdirs and chkproc later so that other subtests can still
run if neither is present

Make it clearer which command produced output

Allow chkdirs to be used with -r (and better message if it is
skipped). There is no need to combine the eligibility checks for
chkproc and chkdirs -- test them independently. The setting of PV is
only needed for chkproc

There is no need to skip chkdirs on SunOS (just set PV=0), and the check of the
FreeBSD version did not make sense


Cope with the case where none of the dirs to be checked exists (the ls
| tr pipeline is broken in that case, and ls | tr is pretty pointless
chkrootkit on termux, where none of the directories exist)

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-21
chkrootkit-helper-functions-for-reporting-results.patch chkrootkit: helper functions for reporting results
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-16
chkrootkit-lookfor-rootkit.patch chkrootkit: lookfor-rootkit
This is a helper function to simplify and unify tests that
simply test for files/dirs existing

Originally from: "francois@debian.org" <francois@debian.org> and
"Roger Leigh" <rleigh@debian.org> (Sun, 10 Nov 2024 10:24:09 +0000)

Functionality to exclude things provided by -e provided by
richard.lewis.debian@googlemail.com in Oct 2024.

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2017-07-09
chkrootkit-aliens.patch chkrootkit: aliens
Various improvements for the aliens test, includes contributions from:

Set $HOME (accounting for -r)

Quote variables, which may contain spaces
do not add an extra / after ${ROOTDIR} - it already ends in a /
Use POSIX-supported $(...) instead of legacy `...`

Use $findargs with invocations of find

LOC rootkit: Output the results of the loc() function in test for LOC rootkit
From: Arthur de Jong <arthur@west.nl>
Date: Sun, 9 Jul 2017 23:11:21 +0200

Part of the test for the Kovid LKM rootkit involves sending a SIGCONT signal to pid 31337
This patch comments that out - this may break that test, but that seems preferable to sending
signals to normal processes.
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat, 18 Feb 2023 21:14:45 +0000

Limit search for history files to -maxdepth 1 (do not search all of
$HOME for .history!). And make check of .history work with -r (set
$HOME to something sensible - this also prevents a duplicate / in the
output when no -r is used)

In sniffers-logs test, use -wholename
From: Francois Marier <francois@debian.org>
Date: Sun, 9 Jul 2017 18:42:55 +0200

1. Use -l option to grep so we print the filenames that match rather than the match itself
2. Test the files in $ROOTDIR/proc/*/stack rather than those on the host
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat, 13 Jul 2024 20:15:04 +0100


Date: Sat, 13 Jul 2024 18:05:00 +0100

t0rn, Ambient - Remove unnecessary backslashes from two chkrootkit messages
From: "James R. Van Zandt" <jrv@debian.org>
Date: Sat, 6 Sep 2008 14:34:13 -0400

Improved output
* Use _start before each sub-test
* Use _report, _warn, _not_found, _not_tested to get consistent output --- this ensures no unwanted output when nothing is found
* Use _filter and find_and_check() to let the user hide false positives via -e
* Use lookfor_rootkit for tests that simply test for files/dirs existing

Do not hang in an lxc container: lxc bind-mounts pts devices over /dev, but find does not notice, so
find /dev -type f
still finds /dev/console. The aliens test then tries to grep this and
hangs. This patch passes --device=skip to grep which stops it
hanging. Another alternative would be to pass '! -fstype devpts'.
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Fri, 29 Oct 2021 23:35:11 +0100

LPD Worm - Also redirect stderr from grep to /dev/null in case inetd.conf does not exist.

Search /usr/bin as well as /bin given recent linux systems replace /bin with a symlink to /usr/bin these (usrmerge)

the Omega worm.
Some lxc containers (such as those used in the debian buildd debci
system), have a /dev that 'contains' files from the host that cannot
be read. This patch redirects stderr from the find to /dev/null to
avoid messages appearing in the chkrootkit output (this is consistent
with the check for the Lion Worm).
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat, 27 Nov 2021 16:29:22 +0000

Make the 'T.R.K' test capable of finding anything
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat, 27 Nov 2021 16:32:41 +0000

Before this patch the check for T.R.K was running find but redirecting
both stdout and stderr to /dev/null, so nothing could ever be
detected. Only stderr needs to be ignored.

Author: Giuseppe Iuculano <iuculano@debian.org>
Date: Mon Mar 23 10:08:37 2015 +0100
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=740898
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901557

From: Unknown Author <team+pkg-security@tracker.debian.org>
Date: Sun, 9 Jul 2017 18:42:55 +0200

syslogk - use $echo
From: Richard Lewis <richard.lewis.debian@googlemail.com>
Date: Sat, 13 Jul 2024 18:17:16 +0100

The syslogk test had an inconsistent use of "echo 1 >" vs "echo 1>". This was
fixed upstream in 0.58b but a line in the 'expertmode' output was missed. That line should only be
used if -x is passed (I assume), so add 'expertmode_output' as well

Without this using -r may create a file called 1 in ${ROOTDIR}/proc/ if that dir happened to exist
and be writeable -- usually ROOTDIR is empty and /proc is not writable, but with -r it could point
to a plain directory (eg: mountpoint for a container) -- and in fact, skip the main syslogk check when
-r is given since it needs /proc to be 'correct'

suspect php files: use check_php helper to work with files containing spaces
Before this patch,
1. Any non-text file contents confuse the results of the grep if they match.
2. Not file names are printed, but file contents.

This patch fixes '/usr/bin/find: head terminated by signal 13' errors and
prints affected file names instead of their content.

This was contributed by (Author: Andreas Stempfhuber <andi@afulinux.de>, Sun Jul 9 18:42:55 2017 +0200)
but was refreshed in 2023 and completely rewritten in 2024

64-bit modules: The test has a stray '2' which means the call to find will always
give a syntax error and never find anything. I assume this is a typo
and should be deleted.

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-16
chkrootkit-chk_chfn.patch chkrootkit: chk_chfn
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-16
chkrootkit-chk_chsh.patch chkrootkit: chk_chsh
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-16
chkrootkit-chk_login.patch chkrootkit: chk_login
Remove stray ']'
Redirection of stderr should be after redirection of stdout, not before

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-20
chkrootkit-chk_passwd.patch chkrootkit: chk_passwd
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-16
chkrootkit-chk_inetd.patch chkrootkit: chk_inetd
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-16
chkrootkit-chk_syslog.patch chkrootkit: chk_syslog
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-16
chkrootkit-chk_hdparm.patch chkrootkit: chk_hdparm
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_gpm.patch chkrootkit: chk_gpm
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_mingetty.patch chkrootkit: chk_mingetty
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_sendmail.patch chkrootkit: chk_sendmail
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_ls.patch chkrootkit: chk_ls
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_du.patch chkrootkit: chk_du
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_named.patch chkrootkit: chk_named
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_netstat.patch chkrootkit: chk_netstat
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_ps.patch chkrootkit: chk_ps
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_pstree.patch chkrootkit: chk_pstree
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_crontab.patch chkrootkit: chk_crontab
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_top.patch chkrootkit: chk_top
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_pidof.patch chkrootkit: chk_pidof
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_killall.patch chkrootkit: chk_killall
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_ldsopreload.patch chkrootkit: chk_ldsopreload
Pass paths with better quoting

grep after strings-static? (this is an upstream issue, but the fix is
unclear)

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-09-08
chkrootkit-chk_basename.patch chkrootkit: chk_basename
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_dirname.patch chkrootkit: chk_dirname
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_traceroute.patch chkrootkit: chk_traceroute
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_rpcinfo.patch chkrootkit: chk_rpcinfo
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_date.patch chkrootkit: chk_date
Redirect output of grep to /dev/null

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2023-02-20
chkrootkit-chk_echo.patch chkrootkit: chk_echo
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_env.patch chkrootkit: chk_env
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_timed.patch chkrootkit: chk_timed
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_identd.patch chkrootkit: chk_identd
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_init.patch chkrootkit: chk_init
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_pop2.patch chkrootkit: chk_pop2
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_pop3.patch chkrootkit: chk_pop3
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_write.patch chkrootkit: chk_write
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_w.patch chkrootkit: chk_w
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_vdir.patch chkrootkit: chk_vdir
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_tar.patch chkrootkit: chk_tar
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-rexedcs.patch chkrootkit: rexedcs
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_mail.patch chkrootkit: chk_mail
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_biff.patch chkrootkit: chk_biff
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_egrep.patch chkrootkit: chk_egrep
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_grep.patch chkrootkit: chk_grep
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_find.patch chkrootkit: chk_find
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_rlogind.patch chkrootkit: chk_rlogind
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_lsof.patch chkrootkit: chk_lsof
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_amd.patch chkrootkit: chk_amd
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_slogin.patch chkrootkit: chk_slogin
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_cron.patch chkrootkit: chk_cron
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_ifconfig.patch chkrootkit: chk_ifconfig
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_rshd.patch chkrootkit: chk_rshd
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_tcpdump.patch chkrootkit: chk_tcpdump
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_tcpd.patch chkrootkit: chk_tcpd
Includes some work by: Francois Marier <francois@debian.org>
Date: Sun, 9 Jul 2017 18:42:55 +0200

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
chkrootkit-chk_sshd.patch chkrootkit: chk_sshd
Fix logic so that sshd test runs: '-s' means size >0, so we want
NOTFOUND if -s fails

(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2021-10-16
chkrootkit-chk_su.patch chkrootkit: chk_su
(Forwarded by email: 21 Dec 2024)
Richard Lewis <richard.lewis.debian@googlemail.com> invalid 2024-10-17
